Aiomatic WordPress Plugin Missing Authorization Vulnerability Allows Unauthorized Data Modification

Vulnerability

A vulnerability exists in the Aiomatic WordPress plugin (Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit), version 2.3.6 and prior. The issue stems from inadequate capability checks on several functions, which lets authenticated attackers with Subscriber-level access or higher access, modify, and delete various data without authorization. Through these functions an attacker can update and delete posts, manage batches, access and delete uploaded files, remove personas, forms, and templates, and clear logs. This vulnerability was partially addressed in version 2.3.5.
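
The bug class described above, shown in hardened form as an added example (this is not code from the Aiomatic plugin). It assumes the affected functions are exposed as WordPress AJAX handlers, which the advisory does not state; all `example_*` action, function, and option names are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not taken from Aiomatic.
// Handlers hooked to wp_ajax_{action} run for ANY logged-in user, including
// Subscribers, so each handler must enforce authorization itself.

add_action( 'wp_ajax_example_delete_item', 'example_delete_item' ); // hypothetical action

function example_delete_item() {
    // 1. CSRF protection: verify the nonce issued for this action.
    //    A nonce is not authorization; low-privileged users can often obtain one.
    check_ajax_referer( 'example_delete_item', 'nonce' );

    // 2. Validate the input before acting on it.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid post.' ), 400 );
    }

    // 3. Authorization: the check whose absence produces this bug class.
    //    'delete_post' is a meta capability evaluated against this specific post.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    if ( ! wp_delete_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => $post_id ) );
}

// Plugin-wide operations (clearing logs, removing templates) have no
// per-object capability, so gate them on an administrative capability.
add_action( 'wp_ajax_example_clear_logs', 'example_clear_logs' ); // hypothetical action

function example_clear_logs() {
    check_ajax_referer( 'example_clear_logs', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }
    delete_option( 'example_plugin_logs' ); // hypothetical option name
    wp_send_json_success();
}
```

When reviewing a plugin for this issue, every `wp_ajax_*` registration should lead to a handler that calls `current_user_can()` before it reads or changes data.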

Impact

Exploitation of this vulnerability could lead to unauthorized data modification and deletion, allowing attackers to manipulate posts and other plugin-managed content without proper authorization.

Remediation

Users are advised to update the Aiomatic WordPress plugin to version 2.3.7 or a later patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.